A remote SQL injection vulnerability exists in Smartblog. An attacker can send a specially crafted HTTP request to the vulnerable script and execute arbitrary SQL commands in the back-end database, allowing the attacker to bypass authentication and gain access to sensitive data. The vulnerable parameter is 'idt' which is located in the 'index.php' script.
An attacker can exploit a SQL injection vulnerability in BlogMe PHP to gain access to the database. The exploit involves sending a maliciously crafted HTTP request to the comments.php page with an ID parameter set to either -1 UNION SELECT 1,2,3,4,5,6,aes_decrypt(aes_encrypt(user(),0x71),0x71)-- or -1 UNION SELECT 1,2,unhex(hex(database())),4,5,6,7--.
ItCMS 1.9 is vulnerable to Remote File Rewriting. The vulnerable file is /box/minichat/boxpop.php.
A vulnerability exists in ActualAnalyzer Lite (free) 2.78 which allows an attacker to include a file from the local file system. The vulnerability is due to insufficient sanitization of user-supplied input to the 'style' parameter in 'admin.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with directory traversal sequences (e.g. '../') to the vulnerable script. This can allow the attacker to include and execute arbitrary local files on the vulnerable system.
This script will exploit a Blind SQL Injection Vulnerability in Joomla com_webhosting. It uses a Perl script to send a GET request to the target server with a malicious SQL query. The malicious query is crafted to extract data from the database by using the SUBSTRING function. The script then checks the response for a certain string, which indicates whether the query was successful or not.
The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'CONFIG[LANGUAGE_CPATH]' and 'CONFIG[BASE_PATH]' parameters to the 'embedforum.php' and 'lib.inc.php' scripts respectively. This can be exploited to execute arbitrary PHP code by including a remote file via a URL in these parameters.
Multiple scripts in Harris Wap Chat are vulnerable to remote file inclusion. An attacker can exploit this vulnerability by sending a maliciously crafted URL to the vulnerable application. This will allow the attacker to execute arbitrary code on the vulnerable system.
A vulnerability exists in OxYProject 0.85 (edithistory.php) that allows an attacker to execute arbitrary code on the vulnerable system. The vulnerability is due to the application not properly sanitizing user-supplied input. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application.
PBCS Version 0.7.1 is vulnerable to Remote File Upload, Remote File Disclosure, and File Disclosure. An attacker can exploit these vulnerabilities to upload malicious files, disclose sensitive information, and gain access to the system.
LokiCMS 0.3.3 is vulnerable to an arbitrary file delete vulnerability. An attacker can delete any file on the server by sending a specially crafted HTTP request to the admin.php page. This can be used to delete critical files such as the Config.php file, which will cause users to be unable to view the index page normally and will only see errors.